DETAILED ACTION

This application has been examined. Claims 1-13, 15-28 are pending. Claim
14 has been cancelled. Claims 1, 18, 24, and 25 have been amended per Amendments
submitted on 06/20/2005.

Priority 

The effective date of the subject matter in the claims in this application is
November 9, 2001.



Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1, 18, 24, 25 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

The term "connected closer in said communications network" in claims 1, 18, 24 
is a relative term which renders the claim indefinite. The term "connected closer" is not
defined by the claim, the specification does not provide a standard for ascertaining the
requisite degree, and one of ordinary skill in the art would not be reasonably apprised of 
the scope of the invention. 

The term "to enable said middlebox control node to control said first middlebox" 
in claims 1, 18, and 25 is a relative term which renders the claim indefinite. The term
"to control" is not defined by the claim, the specification does not provide a standard for
ascertaining the requisite degree, and one of ordinary skill in the art would not be 
reasonably apprised of the scope of the invention. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, 
subject to the conditions and requirements of this title. 

Claims 21-22 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claims 21-22 describe 'propagated signals',
said signals do not belong to any classification of statutory subject matter. 



Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 1-12, 15-16, 18-28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Schuster et al. (US Patent 6822957) hereinafter referred to as 
Schuster, in view of Huitema (IETF Working Document 'MIDCOM Scenarios'), further in 
view of Handley et al. (IETF Working Document RFC2327 'SDP: Session Description
Protocol'), hereinafter referred to as Handley.

For the purpose of examination, due to the 35 U.S.C. 112, second paragraph 
deficiency previously cited, Claims 25-28 are interpreted to describe a 'middlebox 
control node' and 'middlebox-identity-providing node' instead of 'computer program' as 
currently submitted by the Applicant.

With respect to Claim 1, Schuster discloses a method of controlling one of a
plurality of NAT devices in a communications network, each of the NAT devices being
connected to a plurality of entities in an address realm of the communications network,
(Figures 1-2, 9-10, 13-14) said method comprising the steps of: (i) receiving a control
message at a NAT-identity-providing node in the communications network, said control
message comprising information about one of the entities in the communications
network; (Column 19 Lines 15-30) (ii) using the NAT identity providing node to
determine the identity of a first NAT connected to said one entity; (Column 19 Lines
40-65) (iii) sending said identity to a NAT control node (Item 24) in the communications
network in order to enable said NAT control node to control said first NAT; and wherein
the NAT-identity-providing node (Items 26, 38, 40, 44) is separate from the NAT
control node (Item 24) and is connected closer in said communications network to said
one of the entities than the NAT control node. (Column 18 Lines 50-65, Column 23
Lines 10-50)

With respect to Claim 2, Schuster discloses a method as claimed in claim 1 
wherein said step (iii) of sending said identity comprises adding said identity to a control 
message and sending said control message. (Figure 13-14, Column 23 Lines 20-25) 

With respect to Claim 3, Schuster discloses a method as claimed in claim 2 
wherein additional information is also added to the control message. (Figure 13-14, 
Column 23 Lines 20-25) 

With respect to Claim 6, Schuster discloses a method as claimed in claim 1 
wherein said control message is a call set-up message and said method further 
comprises controlling said first NAT in order to set-up a call from said one entity to 
another entity connected to a second NAT in the communications network. (Column 19 
Lines 15-30)

With respect to Claim 7, Schuster discloses a method as claimed in claim 6
wherein said second NAT is connected to a plurality of entities in a second address
realm different from the first address realm of the entities connected to the first NAT.
(Figure 1, Column 5 Lines 30-50)

With respect to Claim 8, Schuster discloses a method as claimed in claim 7 
wherein the NAT control node is within a third address realm different from the first and 
second address realms. (Figure 1, Column 5 Lines 30-50)

With respect to Claim 9, Schuster discloses a method as claimed in claim 8 
wherein the third address realm is public. (Figure 1, Column 5 Lines 30-50)

With respect to Claim 10, Schuster discloses a method as claimed in claim 9 
wherein the first and second address realms are private. (Figure 1, Column 5 Lines 30-50)

With respect to Claim 11, Schuster discloses a method as claimed in claim 1
wherein the NAT-identity-providing node is selected from: one of the NATs; a gateway
in the communications network; said one entity, being a user terminal in the 
communications network; a gateway comprising a business services channel manager 
(BSCM). (Column 19 Lines 45-55)

With respect to Claim 12, Schuster discloses a method as claimed in claim 6
wherein said call passes through two or more NATs and wherein information about the
identity of each such NAT is added to said control message. (Figure 7, Column 14
Lines 20-45, Column 22 Lines 60-65)

With respect to Claim 15, Schuster discloses a method as claimed in claim 1 
wherein each of the NATs is selected from a firewall, a network address translator 
(NAT), and a quality of service device. (Column 6 Lines 25-30)

With respect to Claim 16, Schuster discloses a method as claimed in claim 1 
wherein said NAT-identity-providing node is arranged to determine the identity of the
first NAT by using pre-specified information. (Column 16 Lines 30-40) 

With respect to Claims 18-19, the Applicant describes a communications network 
having the same limitations as described in Claims 1-12, 15-16. Claims 18-19 are 
rejected on the same basis as Claims 1-12, 15-16.

With respect to Claim 22, Schuster discloses a signal as claimed in claim 21
wherein said information about the identity of a middlebox is selected from, a
fully-qualified domain name (FQDN) and an internet protocol address (Column 19 Lines
15-30)

describes a control node with the same
Claims 23 is rejected on the same basis



With respect to Claims 24, the Applicant describes an identity-providing node with
the same limitations as described in Claims 1-12, 15-16. Claims 24, 27 are rejected on
the same basis as Claims 1-12, 15-16.

With respect to Claim 25, Schuster disclosed (currently amended) A computer 
program arranged to control a NAT control node, said NAT control node (Schuster -
Figures 1, Item 24) comprising an input arranged to receive a control message
(Schuster - Column 19 Lines 15-30) comprising information about the identity of one of 
the NATs; (Column 19 Lines 40-65) and a processor arranged to issue messages to the 
identified NAT in order to control it; such that in use the NAT control node is able to 
control the identified NAT without the need to maintain its own store of information 
about the identities of the NATs (Schuster - Column 24 Lines 5-10) and without the 
need to maintain its own discovery mechanism to discover the identities of the NATs; 
the computer program comprising program code executable by the processor in order to 
enable the NAT control node to: - receive a control message comprising information 
about the identity of one of the NATs; (Schuster - Column 19 Lines 15-30) and to issue
messages to the identified NAT in order to control it.

With respect to Claims 26 and 28, the Applicant describes a computer program in
a medium for the computer program in Claim 25. Claims 26 and 28 are rejected on the
same basis as Claim 25.

With respect to Claim 27, Schuster disclosed (currently amended) A computer 
program arranged to control a NAT identity-providing node, said NAT identity providing 
node (Schuster - Figure 1 Items 26, 38, 40, 44) comprising an input arranged to 
receive a control message comprising information about one of a plurality of entities in 
the communications network; (Column 22 Lines 15-25) a processor arranged to 
determine the identity of a first NAT connected to said one entity; and an output 
arranged to send said identity to a NAT control node in the communications network: 
(Column 21 Lines 45-55) and wherein said NAT-identity providing node is arranged to 
be closer in said communications network to said one of the entities than the NAT 
control node: the computer program comprising program code executable by the 
processor in order to enable the NAT identity-providing node to receive a control 
message comprising information about one of a plurality of entities in the 
communications network; (Column 22 Lines 15-25) to determine the identity of a first 
NAT connected to said one entity; and send said NAT identity to a NAT control node in 
the communications network. (Column 23 Lines 30-35) 

However Schuster does not disclose certain features of the invention, as follows:

With respect to Claims 1-12, 15-16, 18-27, Schuster does not disclose a
middlebox device in the network.

With respect to Claim 4, Schuster does not disclose a method as claimed in 
claim 2 wherein said control message is a session description protocol (SDP) message. 

With respect to Claim 5, Schuster does not disclose a method as claimed in 
claim 4 wherein said identity is added to an SDP message using a pre-specified SDP 
attribute.

With respect to Claim 20, Schuster does not disclose a communications network 
as claimed in claim 19 wherein said control message is a session description protocol 
message. 

With respect to Claim 21, Schuster does not disclose a signal comprising a
session description protocol message comprising an attribute containing information 
about the identity of a middlebox. 

Huitema discloses different scenarios for describing the MIDCOM protocol as
used for devices in the network that provide transport policy enforcement. Huitema
discloses that examples of said 'policy enforcement' devices include firewalls and
network address translators, such devices being a subset of what are otherwise referred
to as 'middleboxes'. (Abstract) Huitema also discloses that session description protocol
(SDP) messages may be used to initiate and facilitate the communication control
process between the middleboxes and the other devices involved. The SDP messages
may include identification information regarding the middlebox. (Section 2.3.6 Multiple
Ports, Port Ranges)

Handley discloses the Session Description Protocol including specifications
for passing pre-defined attributes regarding the session and media involved in the 
session. The 'attribute' mechanism ("a=" described below) is the primary means for 
extending SDP and tailoring it to particular applications or media. Some attributes (the 
ones listed in this document) have a defined meaning but others may be added on an 
application-, media- or session-specific basis. (Section 6 - SDP Specification) 

Schuster, Huitema and Handley are analogous art because they present
concepts and practices regarding communication control for middlebox devices such as 
NATs and firewalls. 

The Examiner respectfully suggests that at the time of the invention it would
have been obvious to combine the teachings on middleboxes and SDP messages by
Huitema into Schuster. The combination of Huitema into the network of Schuster
would 1) enable the devices in the network to communicate and pass identification
information using the SDP messages, and 2) enable the public and private networks
(and their respective call control management systems) of Schuster to recognize and
control the NAT as a 'middlebox'. The suggested motivation for doing so would be, as
Huitema suggests, to enable the network of Schuster to 1) allow for third parties to
provide transport policy enforcement, and 2) overcome the traversal scenarios that
Huitema describes. (Abstract, Introduction)

Furthermore, the Examiner respectfully suggests that at the time of the 
invention it would have been obvious to combine the teachings regarding pre-defined 
attributes mechanisms on SDP messages by Handley into the combined teachings of 
Huitema and Schuster. The said combination of Handley into the combined network
of Huitema and Schuster would facilitate sending the identity information from the 
middlebox to the other devices in the network. The suggested motivation for combining 
would have been, as Handley suggests, in order to have a standard format for session 
initiation-related information, using text in the ISO 10646 character set in UTF-8 
encoding for enhanced portability. The encoding was designed with strict order and 
formatting rules so that most errors would result in malformed announcements which 
could be detected easily and discarded. This also allows rapid discarding of encrypted 
announcements for which a receiver does not have the correct key. (Section 6 - SDP 
Specification) 

Therefore it would have been obvious to combine Huitema into Schuster, and
further combine Handley into the combination of Huitema and Schuster, in order to
arrive at the invention as described in Claims 1-12, 15-16, 18-27.

Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schuster 
et al. (US Patent 6822957) hereinafter referred to as Schuster, in view of Huitema (IETF
Working Document 'MIDCOM Scenarios'), further in view of Handley et al. (IETF
Working Document RFC2327 'SDP: Session Description Protocol'), hereinafter referred
to as Handley, further in view of Srisuresh et al. (IETF Working Document 'Middlebox
Communication Architecture and Framework'), hereinafter referred to as Srisuresh.

With respect to Claim 13, the combination of Schuster, Huitema and Handley do 
not disclose a method as claimed in claim 1 wherein said NAT control node is a 
MIDCOM agent. 

Srisuresh discloses the MIDCOM Architecture and Framework wherein the 
middlebox controlling node is called a MIDCOM agent. Srisuresh discloses said 
MIDCOM agents to be nodes external to a middlebox, possessing a combination of 
application specific intelligence and knowledge of middlebox function so as to assist the 
middleboxes to perform their functions. (Section 4.0 MIDCOM Agents) 

Schuster, Huitema, Handley and Srisuresh are analogous art because they
present concepts and practices regarding communication control for middlebox devices 
such as NATs and firewalls. The Examiner respectfully suggests that at the time of the 
invention it would have been obvious to combine the teachings on MIDCOM agents by 
Srisuresh into the combination of Schuster, Huitema, and Handley. The combination
of Srisuresh into the network of Schuster, Huitema, and Handley would 1) allow the 
registration servers, proxy servers, and other network devices configured for distributed 



Application/Control Number: 10/037,043 Page 14 

Art Unit: 2144 

network address translation to be enabled as MIDCOM agents. The suggested
motivation for doing so would have been, as Srisuresh suggests, to take advantage of 
existing in-path and out-of-path devices that already possess the application 
intelligence. (Section 4.1.1 In-Path MIDCOM Agent Illustration) 

Therefore it would have been obvious to combine Srisuresh into the combination 
of Huitema, Schuster, and Handley in order to arrive at the invention as described in 
Claim 13. 



Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schuster 
et al. (US Patent 6822957) hereinafter referred to as Schuster, in view of Huitema (IETF 
Working Document 'MIDCOM Scenarios'), further in view of Handley et al. (IETF
Working Document RFC2327 'SDP: Session Description Protocol'), hereinafter referred
to as Handley, further in view of Mahler et al. (US Patent 6381638), hereinafter referred
to as Mahler.

With respect to Claim 17, the combination of Schuster, Huitema, and Handley 
do not disclose a method as claimed in claim 1 wherein said middlebox-identity- 
providing node is arranged to determine the identity of the first middlebox by 
automatically analysing the communications network.

Mahler discloses a communication protocol for NAT type devices, wherein the
NAT router intercepts an outgoing packet and changes the source IP address of the 
packet equal to the IP address of the router itself. The modified packet is forwarded to 
the destination server. The socket created by the server reflects that the connection is 
between itself and the router, even though the actual connection is between itself and 
the originating host. (Column 4 Lines 10-50) Mahler also describes 1) sending router 
identifier information to the servers and 2) using address and port mapping tables in 
order to maintain recognition of the NAT router and reduce address translation during 
the actual session. (Figure 9, Column 11 Lines 55-65, Column 12 Lines 1-25) Using 
said protocol and method the server and other devices in the network are made aware 
of the NAT router. 

Schuster, Huitema, Handley, and Mahler are analogous art because they 
present concepts and practices regarding communication control for middlebox devices 
such as NAT routers. 

The Examiner respectfully suggests that at the time of the invention it would 
have been obvious to combine the teachings on detecting NAT devices by Mahler into 
the combination of Schuster, Huitema, and Handley. The combination of Mahler into
the combination of Schuster, Huitema, and Handley would 1) other device in the 
network to detect the NAT device and determine the NAT device identification 
information. The suggested motivation for doing so would have been, as Mahler 
suggests, in order to overcome shortcomings for certain protocols when used in 
conjunction with NAT devices. (Column 3 Lines 1-10)

Therefore it would have been obvious to combine Mahler into the combination of
Schuster, Huitema, and Handley, in order to arrive at the invention as described in
Claim 17.



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-12, 15-16, 18-27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Xu et al. (US Publication 2002/0114322) hereinafter referred to as
Xu, in view of Huitema (IETF Working Document 'MIDCOM Scenarios'), further in view
of Handley et al. (IETF Working Document RFC2327 'SDP: Session Description
Protocol'), hereinafter referred to as Handley.

With respect to Claim 1, Xu discloses a method of controlling one of a plurality of
NAT/Firewalls in a communications network, each of the NAT/Firewalls being
connected to a plurality of entities in an address realm of the communications network,
(Figures 1-2B) said method comprising the steps of: (i) receiving a control message at a
NAT/Firewall-identity-providing node in the communications network, said control
message comprising information about one of the entities in the communications
network; (Page 4 Paragraph 49) (ii) using the NAT/Firewall identity providing node to
determine the identity of a first NAT/Firewall connected to said one entity; (Page 4
Paragraph 51) (iii) sending said identity to a NAT/Firewall control node in the
communications network in order to control said first NAT/Firewall; and wherein the
NAT/Firewall-identity-providing node (Items 14a, 20) is separate from the
NAT/Firewall control node (Item 18) and is more directly connected to said one of the
entities than the NAT/Firewall control node. (Page 5 Paragraph 52-55, Page 8
Paragraph 94-97)

With respect to Claim 2, Xu discloses a method as claimed in claim 1 wherein 
said step (iii) of sending said identity comprises adding said identity to a control 
message and sending said control message. (Page 4 Paragraph 51)

With respect to Claim 3, Xu discloses a method as claimed in claim 2 wherein 
additional information is also added to the control message. (Page 4 Paragraph 51) 

With respect to Claim 6, Xu discloses a method as claimed in claim 1 wherein 
said control message is a call set-up message and said method is arranged to control 
said first NAT/Firewall in order to set-up a call from said one entity to another entity
connected to a second NAT/Firewall in the communications network. (Page 4
Paragraph 51, Page 5 Paragraph 61-64)

With respect to Claim 7, Xu discloses a method as claimed in claim 6 wherein 
said second NAT/Firewall is connected to a plurality of entities in a second address 
realm different from the first address realm of the entities connected to the first 
NAT/Firewall. (Figure 1, Page 4 Paragraph 41)

With respect to Claim 8, Xu discloses a method as claimed in claim 7 wherein 
the NAT/Firewall control node is within a third address realm different from the first and 
second address realms. (Figure 1, Page 4 Paragraph 41) 

With respect to Claim 9, Xu discloses a method as claimed in claim 8 wherein 
the third address realm is public. (Figure 1, Page 4 Paragraph 41) 

With respect to Claim 10, Xu discloses a method as claimed in claim 9 wherein 
the first and second address realms are private. (Figure 1, Page 4 Paragraph 41) 

With respect to Claim 11, Xu discloses a method as claimed in claim 1 wherein
the NAT/Firewall-identity-providing node is selected from: one of the NAT/Firewalls; a
gateway in the communications network; said one entity, being a user terminal in the
communications network; a gateway comprising a business services channel manager
(BSCM). (Figure 1, Page 4 Paragraph 41)

With respect to Claim 12, Xu discloses a method as claimed in claim 6 wherein 
said call passes through two or more NAT/Firewalls and wherein information about the 
identity of each such NAT/Firewall is added to said control message. (Page 5 
Paragraph 61-64) 

With respect to Claim 15, Xu discloses a method as claimed in claim 1 wherein 
each of the NAT/Firewalls is selected from, a firewall, a network address translator
(NAT), and a quality of service device. (Figure 1, Page 4 Paragraph 41)

With respect to Claim 16, Xu discloses a method as claimed in claim 1 wherein 
said NAT/Firewall-identity-providing node is arranged to determine the identity of the
first NAT/Firewall by using pre-specified information. 

With respect to Claims 18-19, the Applicant describes a communications network 
having the same limitations as described in Claims 1-12, 15-16. Claims 18-19 are 
rejected on the same basis as Claims 1-12, 15-16. 

With respect to Claim 22, Xu discloses a signal as claimed in claim 21 wherein
said information about the identity of a middlebox is selected from, a fully-qualified
domain name (FQDN) and an internet protocol address. (Page 8 Paragraph 94)

With respect to Claims 23, the Applicant describes a control node with the same 
limitations as described in Claims 1-12, 15-16. Claims 23 is rejected on the same basis 
as Claims 1-12, 15-16. 

With respect to Claims 24, the Applicant describes an identity-providing node
with the same limitations as described in Claims 1-12, 15-16. Claims 24 is rejected on
the same basis as Claims 1-12, 15-16.

With respect to Claim 25, Xu disclosed (currently amended) A computer 
program arranged to control a NAT control node, said NAT control node (Xu - Figure 1 
Item 18) comprising an input arranged to receive a control message (Xu - Paragraph 
49) comprising information about the identity of one of the NATs; and a processor 
arranged to issue messages to the identified NAT in order to control it; such that in use 
the NAT control node is able to control the identified NAT without the need to maintain 
its own store of information about the identities of the NATs and without the need to 
maintain its own discovery mechanism to discover the identities of the NATs; the 
computer program comprising program code executable by the processor in order to 
enable the NAT control node to: - receive a control message comprising information
about the identity of one of the NATs; (Xu - Paragraph 49) and to issue messages to
the identified NAT in order to control it. (Xu - Paragraph 52-55, Paragraph 94-97)

With respect to Claims 26 and 28, the Applicant describes a computer program in 
a medium for the computer program in Claim 25. Claims 26 and 28 are rejected on the 
same basis as Claim 25. 

With respect to Claim 27, Xu disclosed (currently amended) A computer 
program arranged to control a NAT identity-providing node, said NAT identity providing 
node (Figure 1 Item 14, Item 16) comprising an input arranged to receive a control 
message comprising information about one of a plurality of entities in the 
communications network; (Xu - Paragraph 49) a processor arranged to determine the 
identity of a first NAT connected to said one entity; and an output arranged to send said 
identity to a NAT control node in the communications network: (Paragraph 49) and 
wherein said NAT-identity providing node is arranged to be closer in said 
communications network to said one of the entities than the NAT control node: the 
computer program comprising program code executable by the processor in order to
enable the NAT identity-providing node to receive a control message comprising
information about one of a plurality of entities in the communications network;
(Paragraph 49) to determine the identity of a first NAT connected to said one entity;
and send said NAT identity to a NAT control node in the communications network.
(Paragraph 52-55, Paragraph 94-97)

However Xu does not disclose certain features of the invention, as follows:

With respect to Claims 1-12, 15-16, 18-27, Xu does not disclose a middlebox
device in the network.

With respect to Claim 4, Xu does not disclose a method as claimed in claim 2 
wherein said control message is a session description protocol (SDP) message. 

With respect to Claim 5, Xu does not disclose a method as claimed in claim 4 
wherein said identity is added to an SDP message using a pre-specified SDP attribute.

With respect to Claim 20, Xu does not disclose a communications network as 
claimed in claim 19 wherein said control message is a session description protocol 
message. 

With respect to Claim 21, Xu does not disclose a signal comprising a session
description protocol message comprising an attribute containing information about the 
identity of a middlebox. 

Huitema discloses different scenarios for describing the MIDCOM protocol as
used for devices in the network that provide transport policy enforcement. Huitema
discloses that examples of said 'policy enforcement' devices include firewalls and
network address translators, such devices being a subset of what are otherwise referred
to as 'middleboxes'. (Abstract) Huitema also discloses that session description protocol
(SDP) messages may be used to initiate and facilitate the communication control
process between the middleboxes and the other devices involved. The SDP messages
may include identification information regarding the middlebox. (Section 2.3.6 Multiple
Ports, Port Ranges)

Handley discloses the Session Description Protocol including specifications
for passing pre-defined attributes regarding the session and media involved in the 
session. The 'attribute' mechanism ("a=" described below) is the primary means for 
extending SDP and tailoring it to particular applications or media. Some attributes (the 
ones listed in this document) have a defined meaning but others may be added on an 
application-, media- or session-specific basis. (Section 6 - SDP Specification)

Xu, Huitema and Handley are analogous art because they present concepts
and practices regarding communication control for middlebox devices such as NATs 
and firewalls. 

The Examiner respectfully suggests that at the time of the invention it would
have been obvious to combine the teachings on middleboxes and SDP messages by
Huitema into Xu. The combination of Huitema into the network of Xu would 1) enable
the devices in the network to communicate and pass identification information using the
SDP messages, and 2) enable the Call Control Manager (CCM) server of Xu to
recognize and control the NAT/firewall as a 'middlebox'. The suggested motivation for
doing so would be, as Huitema suggests, to enable the network of Xu to 1) allow for third
parties to provide transport policy enforcement, and 2) overcome the traversal scenarios
that Huitema describes. (Abstract, Introduction)

Furthermore, the Examiner respectfully suggests that at the time of the 
invention it would have been obvious to combine the teachings regarding pre-defined 
attributes mechanisms on SDP messages by Handley into the combined teachings of 
Huitema and Xu. The said combination of Handley into the combined network of 
Huitema and Xu would facilitate sending the identity information from the middlebox to 
the other devices in the network. The suggested motivation for combining would have 
been, as Handley suggests, in order to have a standard format for session 
initiation-related information, using text in the ISO 10646 character set in UTF-8 encoding for 
enhanced portability. The encoding was designed with strict order and formatting rules 
so that most errors would result in malformed announcements which could be detected 
easily and discarded. This also allows rapid discarding of encrypted announcements for 
which a receiver does not have the correct key. (Section 6 - SDP Specification) 

Therefore it would have been obvious to combine Huitema into Xu, and further 
combine Handley into the combination of Huitema and Xu, in order to arrive at the 
invention as described in Claims 1-12, 15-16, 18-27. 

Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Xu et al. 
(US Publication 2002/0114322) hereinafter referred to as Xu, in view of Huitema (IETF 
Working Document 'MIDCOM Scenarios'), further in view of Handley et al. (IETF 
Working Document RFC2327 'SDP: Session Description Protocol'), hereinafter referred 
to as Handley, further in view of Srisuresh et al. (IETF Working Document 'Middlebox 
Communication Architecture and Framework'), hereinafter referred to as Srisuresh. 

With respect to Claim 13, the combination of Xu and Huitema does not disclose a 
method as claimed in claim 1 wherein said NAT/Firewall control node is a MIDCOM 
agent. 

Srisuresh discloses the MIDCOM Architecture and Framework wherein the 
middlebox controlling node is called a MIDCOM agent. Srisuresh discloses said agents 
to be nodes external to a middlebox, possessing a combination of application specific 
intelligence and knowledge of middlebox function so as to assist the middleboxes to 
perform their functions. (Section 4.0 MIDCOM Agents) 

Xu, Huitema, Handley and Srisuresh are analogous art because they present 
concepts and practices regarding communication control for middlebox devices such as 
NATs and firewalls. The Examiner respectfully suggests that at the time of the 
invention it would have been obvious to combine the teachings on MIDCOM agents by 
Srisuresh into the combination of Xu, Huitema, and Handley. The combination of 
Srisuresh into the network of Xu, Huitema, and Handley would 1) allow the CCM server 
to be enabled as a MIDCOM agent. The suggested motivation for doing so would have 
been, as Srisuresh suggests, to take advantage of existing in-path and out-of-path 
devices that already possess the application intelligence. (Section 4.1.1 In-Path 
MIDCOM Agent Illustration) 

Therefore it would have been obvious to combine Srisuresh into the combination 
of Huitema, Xu, and Handley in order to arrive at the invention as described in Claim 
13. 

Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Xu et al. 
(US Publication 2002/0114322) hereinafter referred to as Xu, in view of Huitema (IETF 
Working Document 'MIDCOM Scenarios'), further in view of Handley et al. (IETF 
Working Document RFC2327 'SDP: Session Description Protocol'), hereinafter referred 
to as Handley, further in view of Elgebaly et al. (US Publication 2002/0152325), 
hereinafter referred to as Elgebaly. 

With respect to Claim 17, the combination of Xu, Huitema, and Handley does not 
disclose a method as claimed in claim 1 wherein said middlebox-identity-providing node 
is arranged to determine the identity of the first middlebox by automatically analysing 
the communications network. 

Elgebaly discloses a communication protocol for NAT type devices, wherein the 
receiver of protocol data is configured to inspect endpoint values. If an embedded 
address is non-routable, NAT has been detected. (Page 2 Paragraphs 19-20, 
Paragraphs 23-27, Page 4 Paragraph 45-47) 

Xu, Huitema, Handley, and Elgebaly are analogous art because they present 
concepts and practices regarding communication control for middlebox devices such as 
NATs and firewalls. 

The Examiner respectfully suggests that at the time of the invention it would 
have been obvious to combine the teachings on detecting NAT devices by Elgebaly into 
the combination of Xu, Huitema, and Handley. The combination of Elgebaly into the 
combination of Xu, Huitema, and Handley would 1) enable other devices in the network to 
detect the NAT device and determine the NAT device identification information. The 
suggested motivation for doing so would have been, as Elgebaly suggests, in order to 
overcome shortcomings for certain protocols when used in conjunction with NAT 
devices. (Page 1 Paragraph 4-6) 

Therefore it would have been obvious to combine Elgebaly into the combination 
of Xu, Huitema, and Handley, in order to arrive at the invention as described in Claim 
17. 

Response to Arguments 

Applicant's arguments filed 06/20/2005 have been fully considered but they are 
not persuasive. Furthermore, new grounds for rejection have been provided. 

The Examiner's Claim Objections on Claims 26 and 28 have been withdrawn. 

The Examiner maintains the rejection for Claims 1, 18, 24, 25 under USC 112 2nd 
Paragraph. While Applicant states that support for the said features can be found in the 
drawings, the Applicant has not cited any specific section of the drawings or 
specifications. While citing other embodiments for a middlebox identity-providing node, 
the Applicant has not addressed the limitation indicating 'more directly connected' or 
'connected closer in the communications network'. 

The Examiner maintains the rejection for Claims 21 and 22 under USC 101. 

The Examiner maintains the rejection for Claims 1-13, 15-28 under USC 103(a) 
as presented in the prior Office Action, as being anticipated by Schuster et al. 

The Applicant presents the following argument(s) [in italics]: 
Under any reasonable interpretation, the router 26 of Schuster comprises a 
middlebox. However, taking this forward, what Schuster does not then disclose are i) a 
middlebox-identity-providing node and ii) a middlebox control node. 

The Examiner respectfully disagrees with the Applicant. As the Applicant has 
stated in the Specifications and Amendments, '.. a middlebox identity-providing node 
may comprises a middlebox itself, a user terminal (entity associated with a middlebox) 
or a gateway connected between the middlebox control node and the entities.' Thus in 
disclosing the routers and NAT nodes in the system disclosed by Schuster, the 
combination of Schuster and Huitema has disclosed a middlebox identity-providing 
node. In Column 23 Lines 10-15 Schuster disclosed that the router may also be acting 
as an RSIP gateway, which may also act as a middlebox identity-providing node. 
Furthermore, in Column 23 Lines 15-30 Schuster disclosed a proxy server that may 
also act as a middlebox control node. Thus the combination of Schuster and Huitema 
disclosed a middlebox identity-providing node and a middlebox control node. 



The Applicant presents the following argument(s) [in italics]: 
It is quite clear therefore that the NAT control node (item 18) is connected closer 
in the communications network to the entities such as user terminal (telephone) 22 than 
the identity-providing node which is the converse of the arrangement of the present 
invention. 

The Examiner respectfully disagrees with the Applicant. The Applicant has not 
provided guidance on how the control node is deemed 'closer' to the entities. The 
Examiner notes that the nodes shown in Schuster Figure 1 may be easily redrawn to 
show that the identity-providing node is closer to the entities without affecting the normal 
operation of the system. 

Conclusion 



The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Please refer to the enclosed PTO-892 form. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Greg Bengzon whose telephone number is (571) 272-3944. 
The examiner can normally be reached on Mon. thru Fri. 8 AM - 4:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David Wiley, can be reached on (571) 272-3923. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 